DETAILED ACTION

Continued Examination Under 37 CFR 1.114 

A request for continued examination under 37 CFR 1.114, including the fee set forth in
37 CFR 1.17(e), was filed in this application after final rejection. Since this application is
eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e)
has been timely paid, the finality of the previous Office action has been withdrawn pursuant to
37 CFR 1.114. Applicant's submission filed on 09/11/2009 has been entered.

This Office Action is in response to the communication filed on 09/11/2009.
Claims 1-8, 12, and 26 have been cancelled. 

Claims 9, 10-11, 14, and 25 have been amended. 

Claim 27 has been added. 

Claims 9-11, 13-25, and 27 have been examined and are pending. 

Response to Arguments 

Applicant's arguments, see pages 6-7, filed 09/11/2009, with respect to the objection of
the drawing and the specification have been fully considered. The objection of the drawing and
the specification has been withdrawn due to the Applicant's acknowledgment that the prior art labels of
figures 1 and 2 were incorrectly used.

Applicant's arguments, see page 7, filed 09/11/2009, with respect to the objection of
claims 11 and 25 have been fully considered. The objection of claims 11 and 25 has been
withdrawn due to amendment.

Applicant's arguments, see pages 7-8, filed 09/11/2009, with respect to the 35 U.S.C.
112, 1st rejection of claims 9-11, 13-15, and 26 have been fully considered. The 35 U.S.C. 112,
1st rejection of claims 9-11, 13-15, and 26 has been withdrawn due to amendment.

Applicant's arguments, see page 8, filed 09/11/2009, with respect to the 35 U.S.C. 112,
2nd rejection of claims 9-11, 13-25, and 26 have been fully considered. The 35 U.S.C. 112, 2nd
rejection of claims 9-11, 13-25, and 26 has been withdrawn due to amendment.

Applicant's arguments, see page 8, filed 09/11/2009, with respect to the 35 U.S.C. 101
rejection of claim 26 have been fully considered. The 35 U.S.C. 101 rejection of claim 26 has been
withdrawn due to cancellation of claim 26.

Applicant's arguments with respect to claims 9-11, 13-25, and 27 have been considered 
but are moot in view of the new ground(s) of rejection. 

Specification 

The disclosure is objected to because it contains an embedded hyperlink and/or other 
form of browser-executable code. Applicant is required to delete the embedded hyperlink and/or 
other form of browser-executable code. See MPEP § 608.01.



Claim Objections 

Claims 9, 15, and 27 are objected to because of the following informalities:

(Claim 9, line 9): "said owner" should be replaced with "said computer-implemented owner"
to avoid a potential antecedent basis issue. Appropriate correction is required.

(Claim 9, line 14): "point of access" should be replaced with "shared point of access" to avoid
a potential antecedent basis issue. Appropriate correction is required.

(Claim 9, line 16): "point of access" should be replaced with "shared point of access" to
avoid a potential antecedent basis issue. Appropriate correction is required.

(Claim 15, line 2): "said other service provider affiliation" should be replaced with "other
service provider affiliation" to avoid a potential antecedent basis issue. Appropriate correction is
required.

(Claim 27, line 3): the meaning of the symbol "/" in the phrase "provider / affiliation" is
unclear. Appropriate correction is required.

Claim Rejections - 35 USC § 112 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

Claim 9 is rejected under 35 U.S.C. 112, second paragraph, as being indefinite for failing to 
particularly point out and distinctly claim the subject matter which applicant regards as the 
invention. 

Claim 9 recites the limitation "the virtue" in line 15. There is insufficient antecedent 
basis for this limitation in the claim. 



Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 9-11, 13-25, and 27 are rejected under 103(a) as being unpatentable over Yared et al.
(US 2003/0149781 A1) in view of Pardo-Blazquez et al. (US 2007/0226774 A1).

As per claim 9: 

Yared teaches a computer-implemented method for establishing an affiliation within a single 
sign-on system, comprising the steps of: 

(a) establishing one or more affiliations of computer-implemented service providers, each 
affiliation acting as a single entity on a network for purposes of any of authentication, federation, 
and authorization [Yared: fig. 9; par. [0117]; "Identity Provider A 905 is linked with Service 
Provider A 910 and service provider B 915. User directory 920 for identity provider A 905 
illustrates how multiple service provider accounts are linked"]; 

(b) establishing a computer-implemented owner of each said affiliation that maintains a 
list that shows which service providers are members of said affiliation, as well as any control 
structure or meta-data associated with said affiliation [Yared: fig. 9; par. [0117]; "Identity 
Provider A 905 is linked with Service Provider A 910 and service provider B 915. User 
directory 920 for identity provider A 905 illustrates how multiple service provider accounts 
are linked"; user directory 920 includes Service Provider A & Service Provider B] said 
owner comprising a shared point of access for said service providers [Yared: fig. 9; par.
[0117]; Identifier A is a shared point of access of Service Provider A and Service Provider 
B] and 

(c) providing a unique identifier for each said affiliation within said single sign-on 
system in which said affiliation is defined [Yared: fig. 9; par. [0117]; "Identity Provider A 905 
is linked with service Provider A 910 and Service provider B 915. User directory 920 for 
identity provider A 905 illustrates how multiple service provider accounts are linked"; 
"This configuration allows a user to authentication with multiple service providers 910, 915 
using identity provider A 905;" par. [0009]; A single sign-on architecture is provided to 
facilitate user interactions with service providers; Identity Provider A is a unique identifier 
for affiliation of Service Provider A and Service Provider B; par. [0045]; lines 6-8], 

Yared discloses an explicit trust chain is created when a user invokes account linking 
between a service provider and an identity provider [Yared: par. [0010], an explicit trust; par. 
[0012], [0109], [0113], figs. 9, 11] but does not explicitly disclose wherein trust is established 
with a user at said shared point of access for purposes of authentication and authorization, even if 
said point of access does not share common authentication requirements, by the virtue of said 
affiliation between said service providers at said point of access. 

However, Pardo-Blazquez teaches liberty discovery service enhancements, wherein trust 
is established with a user at said shared point of access for purposes of authentication and 
authorization, even if said point of access does not share common authentication requirements, 
by the virtue of said affiliation between said service providers at said point of access
[Pardo-Blazquez: fig. 1; par. [0014]; user (150-2) interacting with user terminal (150-1), Identity
Provider IDP (90), Plurality of Service Providers SPs (110, 120, 130, 140), Discovery
Service Server (DS server 100); par. [0016]; "User (150) can communicate (11) with more 
than one SP (110,120,130) and gain access to different services that are subject to user 
authentication by using SSO feature ... For example, the user (150) established a first 
communication with SP 100 and gets authenticated in this SP ... The IDP provides an 
authentication assertion to SP 120, which grants access to the corresponding service in this 
SP without the user having to provide his credential again"; IDP is known as a shared 
point of access for purpose of authentication and authentication]. 

Therefore, it would have been obvious to the person of ordinary skill in the art at the time 
the invention was made to combine the method of Yared by including the teaching of Pardo- 
Blazquez, wherein trust is established with a user at said shared point of access for purposes of 
authentication and authorization, even if said point of access does not share common 
authentication requirements, by the virtue of said affiliation between said service providers at 
said point of access to provide a registration process for registering a non-registered identity 
service of a user from a Discovery Service server, said user is alleviated of having an accurate 
knowledge about what identity services can he benefit from, and also alleviated of having to find 
by himself a Service Provider which can host said identity services [Pardo-Blazquez: par.
[0028]].



As per claim 10: 

The combination of Yared and Pardo-Blazquez teaches the subject matter as described above.
Yared further teaches the method of Claim 9, further comprising the steps of:

(a) each one of multiple principals acquiring a federated identity [Yared: par. [0047];
Embodiments of the present invention include single sign-on, federated identity and web 
service features; par. [0110-0111]; fig. 5 is an interaction flowchart illustrating an identity 
federation process; par. [0120-0121]; fig. 14, [0122]; "a user is authenticated by an identity 
provider and redirected to service provider"]; 

(b) providing an identity provider to authenticate and vouch for said principals [Yared: 
par. [0009], lines 6-8; an identity provider is an entity that creates, manages, and stores 
identity information for a plurality of users; par. [0047]; a federated identity; par. [0110- 
0111]; fig. 5 is an interaction flowchart illustrating an identity federation process; par. 
[0120-0121]; fig. 14, [0122]; "a user is authenticated by an identity provider and redirected 
to service provider"]. 

As per claim 11: 

The combination of Yared and Pardo-Blazquez teaches the subject matter as described above.
Yared further teaches the method of Claim 10, further comprising the steps of: 

(a) a principal logging into said identity provider [Yared: fig. 2; login to Identity 
Provider 225; par. [0062]; par. [0063]; "the user can then login to identity provider 225 
using, for example a password-based identity credential"]; 

(b) said principal visiting a first service provider and federating to said affiliation 
[Yared: par. [0048-0049]; an identity provider authenticate a user's identity and passes a 
credential to a service provider; par. [0047]; by federating an account with an identity 
provider, for example, a user can continue to login to a service provider using an existing 
service provider-specific username; fig. 9; par. [0117]; "Identity Provider A 905 is linked
with Service Provider A 910 and service provider B 915. User directory 920 for identity 
provider A 905 illustrates how multiple service provider accounts are linked"]; and 

(c) said principal then visiting any other service provider within said affiliation without 
having to separately federate to said other service provider [Yared: par. [0047]; by federating
an account with an identity provider, for example, a user can continue to login to a service
provider using an existing service provider-specific username ... Further, the identity
provider can be federated with other service providers that provide various application;
fig. 9; par. [0117]; "Identity Provider A 905 is linked with Service Provider A 910 and service
provider B 915. User directory 920 for identity provider A 905 illustrates how multiple
service provider accounts are linked"].

As per claim 13: 

The combination of Yared and Pardo-Blazquez teaches the subject matter as described above.

Pardo-Blazquez further teaches providing a discovery service for enabling a web service 
consumer to discover service information regarding a user's personal web services [Pardo- 
Blazquez: fig. 1; par. [0008-0009]; Discovery Service (DS) allows a first SP to access the 
second SP which hold the wanted resource ... the service that allows a Web Service 
Consumer (WSC) to access to Web Service Provider (WSP) to act upon some resource; 
par. [0014-0017]]. 



As per claim 14:

The combination of Yared and Pardo-Blazquez teaches the subject matter as described above.

Pardo-Blazquez further teaches the method of claim 13, further comprising the step of: 
providing a web service consumer associated with a service provider for requesting a service 
descriptor and assertion for service from said discovery service and for presenting an assertion 
from an other service provider with affiliate information [Pardo-Blazquez: fig. 1; par. [0008- 
0009]; Discovery Service (DS) allows a first SP to access the second SP which hold the
wanted resource ... the service that allows a Web Service Consumer (WSC) to access to 
Web Service Provider (WSP) to act upon some resource; par. [0014-0017]; authentication 
assertion]. 

As per claim 15: 

The combination of Yared and Pardo-Blazquez teaches the subject matter as described above.

Pardo-Blazquez further teaches the method of claim 14, further comprising the step of: 
said discovery service checking said other service provider affiliation and generating a service 
assertion based upon said other service provider affiliation [Pardo-Blazquez: fig. 1; par. 
[0008-0009]; par. [0014-0017], [0026], [0030]]. 

As per claim 16: 

Pardo-Blazquez further teaches the method of claim 15, further comprising the step of: 
said web service consumer invoking a service with said service assertion via a web service 
provider [Pardo-Blazquez: fig. 1; par. [0009], the service that allows a Web Service 
Consumer (WSC) to access to Web Service Provider (WSP) to act upon some resource;
par. [0014-0017], [0019-0021]]. 

As per claim 17: 

The combination of Yared and Pardo-Blazquez teaches the subject matter as described above.
Yared further teaches the method of Claim 9, wherein said affiliation has an identifier that is
unique within a single sign-on system in which said affiliation is defined [Yared: fig. 9; par.
[0117]; "Identity Provider A 905 is linked with service Provider A 910 and Service provider B
915. User directory 920 for identity provider A 905 illustrates how multiple service provider
accounts are linked"; par. [0009]; single sign-on architecture is provided to facilitate user
interactions with service providers].

As per claim 18: 

The combination of Yared and Pardo-Blazquez teaches the subject matter as described above.

Yared further teaches the method of Claim 9, wherein service providers within a single 
sign-on system may be members of multiple affiliations, but are programmed to act only with a 
single affiliation for any given transaction [Yared: par. [0047]; "By federation an account
with an identity provider, for example, a user can continue to login to a service provider
using existing service provider-specific username and also have benefits if using the identity
providers. Further, the identity provider can be federated with other services that provide
various applications. As described in detail below, account federation enables system
entities to collaborate to provide user a service or perform a service on behalf of the user"].

As per claim 19:

The combination of Yared and Pardo-Blazquez teaches the subject matter as described above.

Yared further teaches the method of Claim 9, wherein a user federating with an affiliation
automatically federates with all members of said affiliation [Yared: par. [0047]; "By
federation an account with an identity provider, for example, a user can continue to login 
to a service provider using existing service provider-specific username and also have 
benefits if using the identity providers. Further, the identity provider can be federated with 
other services that provide various applications. As described in detail below, account 
federation enables system entities to collaborate to provide user a service or perform a 
service on behalf of the user"; See also par. [0010]; "Accounts are linked using, for 
example, dynamically generated, which are shared by service provider and identity 
provider being linked"; fig. 9; par. [0117]; "Each handle is a dynamically generated, strong 
random identifier serving as a name for the principal in the namespace between the 
identity provider and the service provider"]. 

As per claim 20: 

The combination of Yared and Pardo-Blazquez teaches the subject matter as described above.
Yared further teaches the method of Claim 9, wherein a user authorizing access to a service by
said federation authorizes access to any member of said affiliation [Yared: fig. 9; par. [0047];
par. [0117]].

As per claim 21:

The combination of Yared and Pardo-Blazquez teaches the subject matter as described above.
Yared further teaches the method of Claim 9, further comprising the step of:

(a) providing a unique identifier for every affiliation, and responsive to a service
provider having a service provider identity requesting an identity of a user through different
affiliations, said service provider receiving different, unique identifiers for each affiliation
[Yared: figs. 9-10, pars. [0117-0118]].

As per claim 22: 

The combination of Yared and Pardo-Blazquez teaches the subject matter as described above.
Yared further teaches the method of Claim 9, further comprising the step of: 
providing a common identifier to all members of said affiliation when they are acting as a part of 
said affiliation [Yared: fig. 9; par. [0117]; "Identity Provider A 905 is linked with service 
Provider A 910 and Service provider B 915. User directory 920 for identity provider A 905 
illustrates how multiple service provider accounts are linked"; "This configuration allows a 
user to authentication with multiple service providers 910, 915 using identity provider A 
905"]; 

As per claim 23: 

The combination of Yared and Pardo-Blazquez teaches the subject matter as described above.
Yared further teaches the method of Claim 9, further comprising the step of:

providing an affiliation name identifier for allowing sites to handle an automatic
federation that take place with all members of said affiliation [Yared: par. [0047]; "By
federation an account with an identity provider, for example, a user can continue to login 
to a service provider using existing service provider-specific username and also have 
benefits if using the identity providers. Further, the identity provider can be federated with 
other services that provide various applications. As described in detail below, account 
federation enables system entities to collaborate to provide user a service or perform a 
service on behalf of the user"; See also par. [0010]; "Accounts are linked using, for 
example, dynamically generated, which are shared by service provider and identity 
provider being linked"; fig. 9; par. [0117]; "Each handle is a dynamically generated, strong 
random identifier serving as a name for the principal in the namespace between the 
identity provider and the service provider"]. 

As per claim 24: 

The combination of Yared and Pardo-Blazquez teaches the subject matter as described above.
Yared and Pardo-Blazquez further teach the method of claim 9, wherein said network comprises: 

a web services-based service infrastructure in which users manage sharing of their 
personal information across identity providers and service providers [Yared: fig. 9, 11; Par. 
[0153-156]; Web services Architecture; par. [0159]; various identity providers and services 
provider can extend schemas in many way to store information; par. [0163]; Pardo- 
Blazquez: fig. 1; par. [0014-0017]]. 



As per claim 25:

The combination of Yared and Pardo-Blazquez teaches the subject matter as described above.

Yared further teaches the method of claim 24, wherein said web services implement a 
lightweight protocol for exchange of information in a decentralized, distributed environment, and 
said lightweight protocol comprises an envelope that defines a framework for describing what is 
in a message and how to process it, a set of encoding rules for expressing instances of 
application-defined data types, and a convention for representing remote procedure calls and 
responses [Yared: par. [0011]; par. [0064]; "In an embodiment, back channel
communications use the Simple Object Access Protocol (SOAP). SOAP enables a variety of
computing devices to interoperate over HTTP"; See par. [0153-0161]; Web Services
Architecture]. 

As per claim 27: 

The combination of Yared and Pardo-Blazquez teaches the subject matter as described above.
Yared and Pardo-Blazquez further teach the method of Claim 9, said unique identifier 
comprising: a principal identifier comprising any of the following semantics: 

(a) a name identifier that is unique for any service provider/affiliation combination 
[Yared: fig. 9; Joel23(a)IP A.com is known as a name identifier; Pardo-Blazquez: par. 
[0010]; an identifier which identifies uniquely a service instance of the service type which 
relates to said user];

Conclusion

The examiner requests, in response to this Office action, support be shown for language 
added to any original claims on amendment and any new claims. That is, indicate support for 
newly added claim language by specifically pointing to page(s) and line number(s) in the 
specification and/or drawing figure(s). This will assist the examiner in prosecuting the 
application. Failure to show support can result in a non-compliant response. 

When responding to this office action, Applicant is advised that if Applicant traverses an 
obviousness rejection under 35 U.S.C. 103, a reasoned statement must be included explaining 
why the Applicant believes the Office has erred substantively as to the factual findings or the 
conclusion of obviousness. See 37 CFR 1.111(b).

Additionally Applicant is further advised to clearly point out the patentable novelty which he or 
she thinks the claims present, in view of the state of the art disclosed by the references cited or 
the objections made. He or she must also show how the amendments avoid such references or 
objections. See 37 CFR 1.111(c).

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Canh Le whose telephone number is 571-270-1380. The 
examiner can normally be reached on Monday to Friday 7:30AM to 5:00PM other Friday off. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Orgad Edan can be reached on 571-272-7884. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Canh Le/ 

Examiner, Art Unit 2439 
December 2, 2009 



/Edan Orgad/ 

Supervisory Patent Examiner, Art Unit 2439 



